Millennials have been blamed for killing many fine and decent things – ranging from products to hobbies to entire industries – and now you can add data protection to the list of casualties as well, according to a new report from Shred-it.

Shred-it, a global information destruction services firm, hired Ipsos to conduct a study in Canada of small business owners (surveying 1,002) and C-suite executives of companies with more than 100 employees (surveying 100). The results were made available in late June in Shred-it’s Security Tracker 2018.

Segmenting out the respondents into age groups, the study reports that millennials (defined here as age 18-34) are “not as savvy as we thought” when it comes to data protection practices.

Here are a few of the data protection sins that millennials commit, leading to greater risks of data breaches:

48 per cent leave their notebooks on their desk after they leave work for the day. Comparatively, 37 per cent of Gen-X and 21 per cent of baby boomers also do this.

37 per cent report leaving their computer on and unlocked after work, compared to 22 per cent of Gen-X, and 12 per cent of boomers.

Only half of millennials regularly shred confidential documents, compared to 65 per cent of Gen-X, and 52 per cent of boomers.

“It really is quite surprising that millennials are not taking the issue of data security as seriously as they should,” says Paul Saabas, vice-president of Shred-it, in a press release. “What the results show us is just because a younger person is comfortable using technology doesn’t necessarily mean they are knowledgeable about privacy and data risk issues. Without the right training and behaviour, they could be putting their employer at risk, not mention their own personal brand.”

At the same time, Shred-it can’t seem to decide if leaving your laptop on your desk or bringing it home to do work is riskier. “As working form home and open-concept offices become increasingly popular, businesses are put at greater risk of data breaches caused by human error,” the report states. ”

The report also finds that 89 per cent of large businesses and 50 per cent of small businesses support some sort of remote work model. The majority of C-Suite executives (82 per cent) and small business owners (63 per cent) feel the risk of a data breach is higher when employees work off-site. The confidence that employees understand company data storage and disposal policies are lower.

A Shred-it infographic details some of its survey findings. Click for a larger version of the image.

Whether the survey data Shred-it collected actually shows millennials are more likely to blame for data breaches is dubious. Leaving a laptop – even unlocked – in a secure physical location like an office isn’t very likely to lead to a data breach.

A Verizon Data Breach Investigations report from 2017 reviewed more than 42,000 incidents. It found 60 per cent of breaches involved hacking. Of those breaches, 81 per cent are linked to weak passwords and half include malware attacks. Only 14 per cent of data breaches are caused by employee errors.

An IBM-sponsored 2017 Ponemon study on the most common data breach causes suggests that human error-related data breaches are more often related to employees losing devices outside of the office rather than leaving unlocked laptops on their desks. For example, leaving a laptop prominently displayed in an unlocked car.

So while perhaps millennials should heed their IT directors and lock that laptop up in a drawer at the end of the day, the data doesn’t support Shred-it’s claim this is likely to lead to a data breach.